WikiLeaks Imbroglio Renews Focus on Risk Management

December 13, 2010 - If the financial crisis reminded the insurance industry of how exogenous events can test their risk management mettle, the recent flare up surrounding the disclosure of classified documents by WikiLeaks should provide a potent reminder about some of the risk challenges presented by information security.

While much of the heat around WikiLeaks centers on the legal and geopolitical circus surrounding founder Julian Assange and how difficult it is to restrict the dispersal of information in the Digital Age, for insurers, the real story is how the site managed to compile troves of internal data from the government agencies and corporations in the first place.

With insurers possessing huge amounts of customer and operational data that is vulnerable to both accidental and purposeful disclosure, the need to adopt best practices for information management is imperative.

A recent report from Lloyds, "Managing Digital Risk: Trends, Issues and Implications for Business," notes that insurers need to cast a wide net to manage risk.

“As business becomes increasingly reliant on technology and the rate of technological change continues apace, the digital risks facing companies are likely to grow and become increasingly complex,” the report says. “Risk managers need to develop comprehensive digital risk management strategies that involve a range of mitigations, as well as risk transfer solutions. Risk managers need to prioritize which of the many IT security options available will best mitigate risk for their company. They also need to consider how to best use technology standards, guidelines and research [regarding] digital risks to help manage cyber threats.”

Moreover, the report asserts that a commitment to risk management must come from the highest levels.

Yet, a report from the Economist Intelligence Unit, "Fall Guys: Risk Management in the Front Line," argues that even as risk management is currently enjoying an unprecedented level of authority and visibility, risk managers still often have to struggle to make their voices heard.

“Examples of companies that take a genuinely strategic approach to their risk management [practices] remain few and far between,” the report states. “Communication between risk functions and the broader business can sometimes be fragmented, while an enterprise-wide culture and awareness of risk can be difficult to achieve.”

Given this, it may be fair to ask how well situated the insurance industry is to handle another crisis approaching or exceeding the events of September 2008. “The industry will vary,” Joan Lamm-Tennant, chief economist and risk strategist for Guy Carpenter Co., tells Insurance Networking News. “Some [are] well prepared and others may be surprised.”

Lloyds argues that in addition to working to mitigate risk, insurers should also regard it as a market opportunity. “In order to effectively manage digital risk, businesses should consider transferring some of these risks to third parties through insurance solutions. While many traditional insurance policies do not cover digital risk, there are a growing number of cyber-risk products and solutions becoming available.”